Networks and methods for use in authenticating messages are provided. One exemplary method generally includes receiving a message from a client, where the message includes a client certificate. The method also includes validating, by an application programming interface (API) gateway, a computing device based on a certificate identifying the computing device as a recognized computing device, and validating, by the API gateway, the client based on the client certificate via a global access manager, separate from the repository. The method further includes causing a security token indicative of the client to be generated, when the computing device and the client are validated, whereby the security token is indicative of the client and permits the message, from the client, to be delivered to one or more backend services.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method for use in providing authentication of an application programming interface (API) message to a network, the method comprising: receiving, by at least one computing device, an API message from a client, the API message including a client certificate, the at least one computing device coupled between the client and an API gateway, the API message directed to one or more backend services each exposing one or more APIs to the client; appending, by the at least one computing device, the client certificate to the API message as an object; transmitting, by the at least one computing device, the appended API message to the API gateway, the API gateway associated with a plurality of recognized computing devices; validating, by the API gateway, for the appended API message, the at least one computing device based on a certificate identifying the at least one computing device as one of the recognized computing devices; validating, by the API gateway, for the appended API message, the client based on the client certificate appended to the API message; and causing a security token indicative of the client to be generated for the appended API message, when the at least one computing device and the client are validated, whereby the security token is indicative of the client and permits the API message, from the client, to be delivered to the one or more backend services.
2. The method of claim 1, wherein validating the at least one computing device includes validating a distinguished name of the certificate identifying the at least one computing device as consistent with the one of the recognized computing devices.
3. The method of claim 1, wherein causing the security token to be generated includes: generating an internal security token, when the at least one computing device is validated and the client is validated; causing a security service computing device to convert the internal security token into said security token; and transmitting the API message including said security token to the one or more backend services indicated by said API message.
4. The method of claim 3, wherein at least one of the internal security token and said security token includes a security assertion markup language (SAML) token.
5. The method of claim 1, further comprising validating, by the at least one computing device, the client based on the client certificate, via a global access manager, prior to appending the client certificate to the API message as the object.
6. The method of claim 1, wherein the object includes an X509 object; and wherein appending the client certificate to the API message includes appending the X509 object to a header of the API message.
7. The method of claim 1, wherein the API message includes an HTTP request; and wherein appending the client certificate to the API message includes appending the client certificate, as an X509 object, to a header of the HTTP request.
8. The method of claim 1, wherein the client includes a merchant plug-in (MPI) associated with a 3D secure protocol; and wherein the API message includes an authentication request.
9. The method of claim 1, further comprising terminating the API message when the at least one computing device is not validated.
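The gateway-side order of checks in claims 1, 2 and 9, as an added Python sketch that is not taken from the patent: the forwarded certificate header is trusted only after the forwarding device's distinguished name has been matched against the recognized devices. The header name, the DN list, the fingerprint dictionary standing in for the global access manager, the simplified DN comparison (no escaped commas), and the HMAC-signed token used in place of a SAML token are all assumptions.

```python
import base64, hashlib, hmac, json

# All names and values here are constructed for illustration.
RECOGNIZED_DEVICE_DNS = {"CN=edge-01,OU=Edge,O=Example Corp"}  # devices the gateway recognizes
CLIENT_DER = b"constructed stand-in for the client's DER-encoded certificate"
# Stand-in for the global access manager: certificate fingerprint -> client identity.
ACCESS_MANAGER = {hashlib.sha256(CLIENT_DER).hexdigest(): "merchant-plugin-42"}
TOKEN_KEY = b"constructed-signing-key"
CERT_HEADER = "X-Client-Cert"  # hypothetical header name


def normalize_dn(dn):
    """Simplified DN comparison key: per-attribute, ignoring case and spacing."""
    return tuple(part.strip().lower() for part in dn.split(","))


def issue_token(client_id):
    """HMAC-signed token naming the client (stand-in for the SAML token)."""
    body = base64.urlsafe_b64encode(json.dumps({"sub": client_id}).encode())
    sig = hmac.new(TOKEN_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


def gateway_handle(device_dn, headers):
    """Return (status, token); device_dn is the sender's verified TLS peer DN, never message data."""
    recognized = {normalize_dn(d) for d in RECOGNIZED_DEVICE_DNS}
    # Step 1: validate the forwarding device; the header is untrusted until this passes.
    if normalize_dn(device_dn) not in recognized:
        return ("terminated: unrecognized device", None)
    # Step 2: validate the client certificate the device appended to the header.
    try:
        der = base64.b64decode(headers.get(CERT_HEADER, ""), validate=True)
    except ValueError:
        return ("rejected: malformed client certificate", None)
    client_id = ACCESS_MANAGER.get(hashlib.sha256(der).hexdigest())
    if client_id is None:
        return ("rejected: unknown client certificate", None)
    # Step 3: both validated, so generate the token that accompanies the message.
    return ("forward", issue_token(client_id))


def verify_token(token):
    """Backend-side check: return the client id, or None on a bad signature."""
    body, _, sig = token.partition(".")
    expected = hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))["sub"]
```
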
September 18, 2017
June 2, 2020